Infrastructure for a secure interface between wireless and wired networks
Infrastructure for a Secure Interface between Wireless and Wired Networks. Chen-Nee Chuah & Mark D. Spiller CS 261, Dec. 4, 1998. Mobile Services & Issues. Envisioned Service Types: How does one integrate the security of the wireless system and the (wire-based) services?

Infrastructure for a Secure Interface between Wireless and Wired Networks

Chen-Nee Chuah & Mark D. Spiller

CS 261, Dec. 4, 1998


Mobile Services & Issues

  • Envisioned Service Types:

  • How does one integrate the security of the wireless system and the (wire-based) services?

  • What levels of trust are possible, and with whom?


GSM Overview

AS: {Ki, IMSI}

  • Phone company authenticates and sets up encrypted connection before any data transfer.

  • Shared secret between SIM and AS allows the setup of a secure link between the BS and the mobile unit.

  • BS is trusted per session by handset and AS.

  • GSM’s security assumed sufficient.

[Diagram: GSM Network with AS, BS and SIM. Labelled messages: 1. {IMSI/TMSI}; 2. {Rand, SRES, Kc}; 3. {Rand}; 4. {SRES}. Link encrypted with Kc. SIM: {Ki, IMSI}.]
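
The challenge-response exchange on this slide, as an added example that is not part of the original presentation: a Python simulation of messages 1 to 4. HMAC-SHA256 stands in for the operator's A3/A8 algorithms (an assumption; the slides name no algorithm), and the class names and IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

IMSI = "001010000000001"  # constructed sample subscriber identity

def a3a8(ki: bytes, rand: bytes):
    """Stand-in for the operator's A3/A8 (assumption: HMAC-SHA256, not a GSM
    algorithm). Returns (SRES, Kc) with the GSM sizes of 4 and 8 bytes."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class AuthStation:
    """AS: holds {Ki, IMSI} for each subscriber."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        rand = secrets.token_bytes(16)
        sres, kc = a3a8(self._ki[imsi], rand)
        return rand, sres, kc              # message 2: {Rand, SRES, Kc}

class Sim:
    """SIM: holds {Ki, IMSI}; Ki never leaves the card."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def respond(self, rand):
        sres, self.kc = a3a8(self._ki, rand)
        return sres                        # message 4: {SRES}

class BaseStation:
    """BS: never sees Ki, but is handed Kc for the session."""
    def __init__(self, auth_station):
        self._as = auth_station
        self.session_keys = {}

    def attach(self, sim):
        rand, expected, kc = self._as.triplet(sim.imsi)   # messages 1 and 2
        sres = sim.respond(rand)                          # messages 3 and 4
        if not hmac.compare_digest(sres, expected):
            return False                                  # wrong Ki: no session
        self.session_keys[sim.imsi] = kc                  # air link uses Kc
        return True

def demo():
    ki = secrets.token_bytes(16)
    bs = BaseStation(AuthStation({IMSI: ki}))
    genuine, impostor = Sim(IMSI, ki), Sim(IMSI, secrets.token_bytes(16))
    accepted = bs.attach(genuine)
    keys_match = bs.session_keys[IMSI] == genuine.kc
    return accepted, keys_match, bs.attach(impostor)
```

The BS ends up holding Kc without ever learning Ki, which is the per-session trust in the BS that the slide describes.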


Ideal GSM Service Interface

AS: {Ki1, SRES1,Kc}

  • Ideal Case: Separate secret and encrypted link to SG

  • AS/BS provide connection, but not trusted

  • Not feasible with current GSM infrastructure

Components:

  • Handsets/SIM

  • Base Station (BS)

  • Authentication Station (AS)

  • Service Gateway (SG)

  • Intermediate proxies?

  • Services (S)

[Diagram: GSM Network with AS, BS, SG and two services (S). Labels: SG: {Ki1, SRES1, Kc}; one link encrypted with Ks, one link encrypted with Kc; SIM: {{Ki1, SRES1, Kc}, {Ki2, SRES2, Ks}}.]


Service Interfaces for GSM

AS: {Ki, SRES, Kc}

  • Design variables, given GSM authentication, secure air channel, and existing deployed base:

    • Who connects to the SG (AS,BS)?

    • The security along that link

  • SG entrusted with Ki, re-authenticates user via some sort of re-challenge, or

  • Shared secret between phone company (AS) and SG.

  • Lack of ability to change phone forces some trust of BS

[Diagram: GSM Network with AS, BS, SG and two services (S). Link encrypted with Kc. SIM: {Ki, SRES, Kc}.]


Service Gateway (SG) Issues

  • What is provided on the service side to

    • Authenticate the user?

    • Provide security & trust in the BS-SG and SG-S links?

  • Design variables:

    • How much do we trust SG versus the phone company?

    • What are the costs involved (e.g. backward compatibility)?

    • What are the inherent limitations (SIM cards, handsets, base stations, services)?


Service Gateway Trade-Offs

Security


Implementation of Infrastructure

Uses existing Iceberg test-bed - Changes required:

  • Additional intelligence in UPSIM (PLUS) that controls BS

    • Recognize service request and forward to IP-PAD

  • IPPAD sub-module and SG interfaces

    • Authenticate user via BS, and get ticket/key to set up encrypted channel from BS to services (Models 2 & 3).

[Diagram labels: IPPAD, BS, SG, UPSIM, two services (S), Ethernet.]


Conclusions & Future Work

  • It would have been nice if service support had been designed into the GSM spec from the start.

  • We explored some solutions for secure service access, but:

    • The existing technology infrastructure & protocols are limited (e.g. double encryption (hardware/software))

      • Too much trust in the BS and phone company

        • Best case uses time-stamped session key/ticket to avoid replay attack, and password changes to revoke BS trust

    • The means of choosing and interacting with services from a phone are limited (some standard way/number/etc. is needed).

  • Future Issues:

    • Compatibility between different systems.

    • How do proxies fit into the security model?
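
The time-stamped ticket named in the conclusions, and the ticket/key step on the implementation slide, as an added example that is not from the original presentation: the AS issues a MAC-protected ticket under a secret it shares with the SG, and the SG rejects altered, stale and replayed tickets. The ticket fields, the 30-second window, the key derivation and all names are assumptions; the slides do not specify a format.

```python
import hashlib
import hmac

MAX_AGE = 30  # seconds a ticket is accepted for (assumed policy value)

def _mac(key, *parts):  # fields are length-prefixed so boundaries cannot shift
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _fields(ticket):
    return (ticket["user"].encode(), ticket["nonce"], str(ticket["ts"]).encode())

def issue_ticket(k_as_sg, user, nonce, now):
    """AS side, after GSM authentication of `user` has succeeded."""
    ticket = {"user": user, "nonce": nonce, "ts": now}
    ticket["tag"] = _mac(k_as_sg, b"ticket", *_fields(ticket))
    return ticket

def session_key(k_as_sg, ticket):
    """Ks is derived on both sides from the AS-SG secret and never sent."""
    return _mac(k_as_sg, b"ks", *_fields(ticket))

class ServiceGateway:
    def __init__(self, k_as_sg):
        self._k = k_as_sg
        self._seen = {}  # nonce -> timestamp of tickets still inside the window

    def accept(self, ticket, now):
        """Return Ks for an authentic, fresh, first-use ticket, else None."""
        expected = _mac(self._k, b"ticket", *_fields(ticket))
        if not hmac.compare_digest(expected, ticket["tag"]):
            return None                          # forged or altered
        if abs(now - ticket["ts"]) > MAX_AGE:
            return None                          # stale: replay of an old ticket
        self._seen = {n: t for n, t in self._seen.items() if now - t <= MAX_AGE}
        if ticket["nonce"] in self._seen:
            return None                          # replay inside the window
        self._seen[ticket["nonce"]] = ticket["ts"]
        return session_key(self._k, ticket)

def demo():
    k, t0 = b"constructed AS-SG shared secret", 912_000_000  # constructed values
    ticket = issue_ticket(k, "subscriber-1", b"\x01" * 8, t0)
    sg = ServiceGateway(k)
    first = sg.accept(ticket, t0 + 5) == session_key(k, ticket)
    replay = sg.accept(ticket, t0 + 6)
    stale = ServiceGateway(k).accept(ticket, t0 + MAX_AGE + 1)
    altered = ServiceGateway(k).accept(dict(ticket, user="subscriber-2"), t0)
    return first, replay, stale, altered
```

The replay cache only has to remember nonces for the length of the freshness window, because the timestamp check already rejects anything older.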


Header?

GSM

Services...

